Card Processing
This topic discusses card processing in general terms and contains links to other topics with further details. The software is not responsible for the actual processing (settlement) of cards (by "cards" we include credit cards, bank cards, debit cards, and stored value cards). We pass the amount and other information to your selected card processing software or service.
Automated card processing is optional. When integrated with your application, the responsibility for data communication lies with both the software and the device. In the case of Verifone processing, the pad and/or PC are responsible for communicating with the card processor directly, no third-party software is required.
Card processing must be monitored by your company for accuracy and to ensure proper operation. Problems can occur with either the card software or your processor, so it's very important to compare (reconcile) all card transactions with reports available from the processing software/service and the statements you receive from your selected processing company.
With either the VeriFone PAYware Connect or Global Payments options, the pad and client (PC) handles all authorization and settlement, no additional software is required.
Bank Card Security
As a business, your company has certain responsibilities for safeguarding your customers' card information. You may have heard of PCI DSS compliance. PCI DSS stands for "Payment Card Industry Data Security Standards." These are security standards for card processing created by the PCI Security Standards Council, an organization founded by the major credit card companies. Below is a link to this organization's web site:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Most PCI DSS requirements pertain to your company's network as well as internal data management and security procedures.
Is the Software PCI DSS compliant?
Due to changes in standards, we are currently migrating our customer base to Verifone Point and MX915 devices for EMV processing. With Verifone Point, all card processing is done between the processor and device with end-to-end encryption and there is no software integration or exchange of card information between the software and the device. In this case, the software and data avoids any compliance issues by not storing card data and by not exchanging any card information with the device or processor. Currently, and in the future, our application data maintains no track data including full card numbers, expiration dates, or CAV2/CVC2/CVV2/CID4 numbers. We only keep the last 4-digits of the card number, the card name, card type (Visa, etc.), and amounts as well as any other required information by the card industry.
How do I know if my company is compliant?
Even when the software is compliant or out of "scope," your company may or may not be. This depends upon a number of factors. You should read the information available on-line about PCI DSS and discuss any technology concerns with your network or IT provider. It's also important to establish internal policies that limit or eliminate access to customer's card data as well as to make card theft more easy to identify. Companies who aren't yet using Verifone Point and who handle and/or manually enter card information via the Process (F12) forms would not be compliant. As of October 1, 2015, a liability shift occurred which essentially transfers liability for fraudulent card transactions to the merchant. Any handling of card data by your company puts your company at risk for fraud and related expenses.
How Card Processing Works
Card processing begins when a Point of Sale transaction in the software is completed using a payment method involving a credit card, bank card, debit card, or stored-value card (requirements vary). There are two (2) options for card processing: Verifone PAYware Connect™ and Verifone Point™. Verifone Point will be replacing VeriFone PAYware Connect.
VeriFone PAYware Connect
With the VeriFone PAYware Connect option, the pad and an integrated software component are responsible for all processing. No additional management software is required on your network. A web based Merchant Console is used for management by your company. Pads communicate with the processor (VeriFone®) using the client PC's Internet connection and provide the ability to process credit, debit, and cash back transactions (known as cash out in some regions) from Point of Sale. Software necessary for pad operation on the client is provided with the application making integration seamless.
VeriFone PAYware Connect
Pads communicate with the PC to which they are assigned. Each PC must have an Internet connection which is used for card authorization. Programs and/or devices are specifically used for managing communication between the pad, client, and VeriFone PAYware Connect web server are installed with automatically, so there's no need to install any additional software or drivers on a client (PC).
VeriFone PAYware Connect™ works with several of the largest credit clearing agencies in the country, including Chase Paymentech, Global Payments East, Heartland Payment Systems, First Data North, Elavon, RBS WorldPay, First Data Omaha, First Data Nashville, and TSYS. To guarantee that your card processor will work with VeriFone equipment and services, it is suggested that you have our support department review your processor’s software setup document which your processor can supply to you upon request.
Verifone Point
In the case of Verifone Point, all card processing is managed by the device and there is no software component involved. This solution is intended for use with Point of Sale where a card is present. With Verifone Point, communication between the pad (Verifone MX915 Models) and our software is minimal which is why this is described as a "semi-integrated" solution. Due to this, card processing with Verifone Point offers no ability to pass card information from our software to the devices. Devices (pads) must be assigned network settings corresponding with your network and gateway for Internet access required for processing. If your application is cloud based (hosted), you will be provided with IP addresses for all network devices including the pads. Pads must be installed with specific software including the VHQ agent which allows remote updates. Pad devices must be paired with specific stations (Point of Sale locations).
Verifone Point
The VeriFone PAYware Connect console is still available for maintenance, reporting, card contracts (tokenization), and other management functions.
Devices require VeriFone PAYware Connect™ Transaction Bundle(s). Both the devices and the transaction bundles must be purchased from ECi Software Solutions, Inc. Signature pad devices must be attached to your Windows network through a hub or switch using a network cable with RJ-45 ends. They require a separate power connection using the included power supply. Pads may not be shared, so only one device per station is allowed.
Since PCI and regulatory requirements can change, we recommend confirming current payment device model recommendations with your sales representative prior to making any new signature pad purchase.
Remote Connections: Cloud, Thin Clients, and Terminal Services
IP based signature pad devices may be used with remote connections such as cloud-based hosting, thin Clients, and a terminal server; however, we don't suggest or support using them with USB connections. The VeriFone pads require a driver to be installed to work over USB and this driver may not work on a thin client. Thin Clients also work by using Remote Desktop. In a Remote Desktop scenario, the data transmitted over remote desktop, including the USB card swipe data, is not necessarily encrypted and would not be PCI DSS compliant should this data go over an unencrypted wireless or outside internet connection. If you choose to use USB connections, the serial connections must be encrypted to meet requirements whenever there is exposure to the outside world. In general, if your network has any wireless or Internet exposure, you should be using encryption for all network communication.
Card Processing
Assuming a customer is authorized, the card processor (clearing house) typically places a temporary hold on the customer's bank card account for the purchase total which immediately affects the customer's credit limit. An authorization code is returned and associated with the transaction in the software. For the bank card to actually be charged (recording the transaction permanently), some type of settlement must be done. This may occur immediately or on a schedule. If final settlement doesn't process for some reason, the customer's card is not charged, and eventually, the hold on the funds is removed.
Card processing should be monitored by someone at your company to ensure proper operation. Reports and data provided in the merchant console should be processed and compared to the bank card transactions from the software for the settlement period on a regular basis (we suggest daily). The Cashiers Report located in the Point of Sale area may be run filtered on bank card transactions for comparison. Companies using Capital One Trade Credit (formerly BlueTarp ® Financial Services) need to back any Capital One Trade Credit (formerly BlueTarp) transactions out of the bank card totals.
Product Comparison
Note: We are no longer supporting or suggesting either ICVerify for Windows or PCCharge as options for card processing. These products have not been used for new installations in many years and are outdated.
|
Verifone Point |
VeriFone PAYware Connect |
VeriFone with Global Payments (Canada) |
---|---|---|---|
Credit Cards |
Yes |
Yes |
Yes |
Debit Cards |
Yes |
Yes1 |
Yes |
Cash Back/Cash Out |
Yes |
Yes |
No |
Gift Cards |
Yes |
Yes |
No |
Stored Value Cards (Do it Best) |
Yes4 |
Yes |
No |
Customer Signature |
Yes |
Yes |
No |
Optional Item Display |
Yes |
Yes |
No |
Windows Operating System |
N/A |
Any 32 or 64-Bit Supported Microsoft Operating System. |
Any 32 or 64-Bit Supported Microsoft Operating System. |
Requires 3rd Party Software |
No2 |
No2 |
No |
Requires Pad Use |
Yes |
No |
Yes |
Swipe Cards at Any Time |
Yes |
No3 |
No |
1Debit Card Processing requires key injection by your company's selected processor. Each processor has their own security keys. Pads must be shipped to your processor, injected, and shipped back which should be considered when ordering.
2An on-line Merchant Console is used with VeriFone PAYware Connect. No additional software needs to be installed on a server or client within your company's network.
3VeriFone pads prompt the customer to swipe or insert their card when ready. This is due to the way the pads integrate with the client and software.
4Do it Best gift cards require the use of a specific processor, WorldPay®. Processors must individually certify with Verifone for EMV processing. As of July 2016, this has not yet occurred.
Charges related to VeriFone PAYware Connect are bundled with your monthly maintenance billing. This does not include fees from your selected card processor (bank/clearing house).
PCCharge and PAYware Connect are products of VeriFone, Inc. PCCharge, PAYware Connect, the Verifone logo, and VeriFone are either trademarks or registered trademarks of VeriFone, Inc. in the United States and/or other countries.
ICVerify is a product of First Data Corporation. ICVerify and First Data are either trademarks or registered trademarks of First Data Corporation in the United States and many foreign countries.
ECi Software Solutions, Inc. is not affiliated with VeriFone, Inc. or First Data Corporation in any way.